General
Target: eb8d3ed944a013777e2766d5e0e9154932e40ba6fb45c52e8a3a54f2b5afe745
Size: 566KB
Sample: 230503-zf91jagd94
MD5: 111012ffd9002b9cf20c155f218eae78
SHA1: f6ec38e22f1f8f9adeeb6cf7485bacb36804d725
SHA256: eb8d3ed944a013777e2766d5e0e9154932e40ba6fb45c52e8a3a54f2b5afe745
SHA512: bf301827467f46e10f607613ee2daaa341f8b767042e0f8cfd03ec386cd9df7e79b9deb4ddf5f90cd13a8e1cfcf8ee5ca05473a56e8bdb9002727f8c71a26953
SSDEEP: 12288:RMr1y90athA7wMtuhfLas8lMlrPBsOBfM/Ka9faG4B:wybYIhX8lGff60
Static task: static1
Behavioral task: behavioral1
Sample: eb8d3ed944a013777e2766d5e0e9154932e40ba6fb45c52e8a3a54f2b5afe745.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: darm
C2: 217.196.96.56:4138
auth_value: d88ac8ccc04ab9979b04b46313db1648
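The indicators above (the file hashes and the C2 host:port) are the actionable output of this report. As an added example that is not part of the tria.ge page, the following Python turns them into a small IOC matcher: it hashes arbitrary bytes with the four algorithms listed and reports which indicators match, and it filters connection-log lines for the extracted C2 endpoint. The log lines are constructed for the demonstration; the SSDEEP value is deliberately left out because fuzzy matching needs the external ssdeep library and a similarity threshold, which this report does not define.

```python
"""IOC matcher built from the indicators in this tria.ge report (added example)."""
import hashlib
import re
import sys
from pathlib import Path

# Indicators copied from the report above.
FILE_HASHES = {
    "md5": "111012ffd9002b9cf20c155f218eae78",
    "sha1": "f6ec38e22f1f8f9adeeb6cf7485bacb36804d725",
    "sha256": "eb8d3ed944a013777e2766d5e0e9154932e40ba6fb45c52e8a3a54f2b5afe745",
    "sha512": (
        "bf301827467f46e10f607613ee2daaa341f8b767042e0f8cfd03ec386cd9df7e"
        "79b9deb4ddf5f90cd13a8e1cfcf8ee5ca05473a56e8bdb9002727f8c71a26953"
    ),
}
C2_HOST = "217.196.96.56"
C2_PORT = 4138

# Constructed netflow-style lines for the demonstration (not real traffic).
# Only the first line hits the exact C2 endpoint; the third shares the host
# but uses a different port, so a host:port indicator does not flag it.
SAMPLE_NETFLOW = [
    "2023-05-03T10:01:12Z src=10.0.0.15:49812 dst=217.196.96.56:4138 proto=tcp",
    "2023-05-03T10:01:13Z src=10.0.0.15:49813 dst=93.184.216.34:443 proto=tcp",
    "2023-05-03T10:01:14Z src=10.0.0.15:49814 dst=217.196.96.56:443 proto=tcp",
]


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists for the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in FILE_HASHES}


def match_file_hashes(data: bytes) -> list:
    """Return the names of the report hashes that the data matches."""
    digests = hash_bytes(data)
    return [algo for algo, value in FILE_HASHES.items() if digests[algo] == value]


def match_c2_connections(log_lines) -> list:
    """Return log lines whose destination is exactly the extracted C2 host:port."""
    pattern = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}:{C2_PORT}(?!\d)")
    return [line for line in log_lines if pattern.search(line)]


def scan_paths(paths) -> dict:
    """Hash each file and map its path to the list of matching indicators."""
    results = {}
    for p in paths:
        path = Path(p)
        if path.is_file():
            results[str(path)] = match_file_hashes(path.read_bytes())
    return results


if __name__ == "__main__":
    # Usage: python ioc_match.py <file> [<file> ...]
    for path, hits in scan_paths(sys.argv[1:]).items():
        print(f"{path}: {'MATCH ' + ','.join(hits) if hits else 'no match'}")
    for line in match_c2_connections(SAMPLE_NETFLOW):
        print("C2 connection:", line)
```

Matching on host:port rather than host alone keeps the indicator as specific as the report states it; a host-only rule would also fire on the constructed third line, which may be legitimate traffic to a shared IP.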
Targets
Target: eb8d3ed944a013777e2766d5e0e9154932e40ba6fb45c52e8a3a54f2b5afe745
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.